HTTP: Malformed EMF File
This signature detects attempts to exploit a known vulnerability against Microsoft Windows. A vulnerability exists in the rendering of Enhanced Metafile (EMF) image format that could allow remote code execution. If a user opened a malicious EMF file, they could be compromised. Windows 2000, Windows 2003, Windows 2003 SP1, Windows NT4, Windows NT4 Terminal Server Edition, Windows Vista, Windows XP, and Windows XP SP2 are affected.
Extended Description
Microsoft Windows Graphics Rendering Engine is prone to a local privilege-escalation vulnerability when rendering malformed EMF image files. An attacker may exploit this issue to execute arbitrary code with SYSTEM-level privileges, facilitating the complete compromise of affected computers.
Affected Products
Avaya messaging_application_server,Microsoft windows_server_2003_datacenter_x64_edition
References
CVE: CVE-2022-34728
URL: http://www.microsoft.com/technet/security/Bulletin/MS07-017.mspx http://www.frsirt.com/english/advisories/2007/1215 http://www.securitytracker.com/id?1017844 http://www.zerodayinitiative.com/advisories/zdi-19-555/ https://www.seljan.hu/posts/out-of-bounds-read-information-disclosure-vulnerability-in-microsoft-windows-gdi-emr_setpixelv-record/
Short Name
HTTP:STC:IMG:MAL-EMF
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2007-1212 CVE-2018-4982 CVE-2018-8595 CVE-2019-0616 CVE-2019-1010 CVE-2022-34728 EMF File Malformed bid:106083 bid:23278
Release Date
04/03/2007
Supported Platforms
srx-branch-19.3
vsrx3bsd-19.2
srx-19.4
vsrx3bsd-19.4
srx-branch-19.4
vsrx-19.4
vsrx-19.2
srx-19.3
srx-branch-12.3
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx-12.3
vmx-19.3
srx-12.3
Sigpack Version
3590
False Positive
Unknown
Vendors
Nortel_networks
Microsoft
Avaya
CVSS Score
6.8
6.6
4.3